Store Dynatrace images in private registries - Kubernetes

You can store Dynatrace containers in private registries in Kubernetes environments using either a lightweight or an immutable OneAgent container image.

  • The lightweight image consists of a OneAgent installer, which downloads necessary binaries from the Dynatrace Cluster.
  • The immutable image includes the binaries themselves, allowing for more control and thorough security scanning.
  1. Pull the Dynatrace Operator image.
    Example command:
docker pull docker.io/dynatrace/dynatrace-operator:v<X.Y.Z>

Note: Be sure to replace <X.Y.Z> with the latest Dynatrace Operator version.

  1. Pull a specific immutable OneAgent image version.
    Example command:
docker pull <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z>

Note: Be sure to replace <YOUR_ENVIRONMENT_DOMAIN_NAME> with your own environment domain name (the URL without https://), and <x.y.z> with your desired OneAgent version.

  1. Tag each image for your own registry.
    Example command:
docker tag docker.io/dynatrace/dynatrace-operator:v<X.Y.Z> <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-operator:v<X.Y.Z>
docker tag <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z> <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>

Note: Be sure to replace:

  • <X.Y.Z> with the latest Dynatrace Operator version.
  • <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> with the Dynatrace Operator address from your private registry.
  • <YOUR_ENVIRONMENT_DOMAIN_NAME> with your environment domain name (the URL without https://).
  • <x.y.z> with your desired OneAgent version.
  • <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with the OneAgent address from your private registry.
  1. Push both images to your own registry.
    Example command:
docker push <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-operator:v<X.Y.Z>
docker push <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>

Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>, <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>, <X.Y.Z>, and <x.y.z> with your own values.

  1. Download the latest kubernetes.yaml file from the Dynatrace GitHub repository.
wget https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/kubernetes.yaml
  1. If your registries need authentication, update imagePullSecrets on different service accounts.
    For more information on how Kubernetes handles security for pods, see Configure service accounts for pods.

  2. Deploy Dynatrace Operator.

kubectl create namespace dynatrace
kubectl apply -f kubernetes.yaml
  1. Download the cr.yaml file for DynaKube custom resource.
wget https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/samples/cr.yaml
  1. Open cr.yaml in a text editor and make the following changes:
  • Change useImmutableImage to true.
  • Adapt other values according to the parameters section of the Dynatrace Operator deployment page.
    Note: When using the immutable image, fields such as proxy, trustedCAs, and skipCertCheck are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.
  1. Deploy the DynaKube custom resource.
kubectl apply -f cr.yaml